OpenCVE

Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 2003 Server Windows Xp

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_2003_server:-:sp2::::::
	cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64:::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

No data.

References

Link	Providers
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
http://secunia.com/advisories/36187
http://www.iss.net/threats/329.html
http://www.securitytracker.com/id?1022712
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
http://www.vupen.com/english/advisories/2009/2232
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-07T23:00:00

Updated: 2024-08-07T07:32:23.813Z

Reserved: 2007-12-13T00:00:00

Link: CVE-2008-0020

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-07-07T23:30:00.217

Modified: 2024-11-21T00:40:59.400

Link: CVE-2008-0020

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-06T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka \"ATL Header Memcopy Vulnerability,\" a different vulnerability than CVE-2008-0015."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "TA09-223A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"}, {"name": "36187", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36187"}, {"name": "oval:org.mitre.oval:def:5850", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850"}, {"name": "ADV-2009-2232", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2232"}, {"name": "MS09-037", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"}, {"name": "1022712", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022712"}, {"name": "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_ISS"], "url": "http://www.iss.net/threats/329.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka \"ATL Header Memcopy Vulnerability,\" a different vulnerability than CVE-2008-0015."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "TA09-223A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"}, {"name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"}, {"name": "36187", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36187"}, {"name": "oval:org.mitre.oval:def:5850", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850"}, {"name": "ADV-2009-2232", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2232"}, {"name": "MS09-037", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"}, {"name": "1022712", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022712"}, {"name": "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities", "refsource": "ISS", "url": "http://www.iss.net/threats/329.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:32:23.813Z"}, "title": "CVE Program Container", "references": [{"name": "TA09-223A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"}, {"name": "36187", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36187"}, {"name": "oval:org.mitre.oval:def:5850", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850"}, {"name": "ADV-2009-2232", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2232"}, {"name": "MS09-037", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"}, {"name": "1022712", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022712"}, {"name": "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities", "tags": ["third-party-advisory", "x_refsource_ISS", "x_transferred"], "url": "http://www.iss.net/threats/329.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0020", "datePublished": "2009-07-07T23:00:00", "dateReserved": "2007-12-13T00:00:00", "dateUpdated": "2024-08-07T07:32:23.813Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "3C0C7D2B-0AA5-4E82-B58B-2668A0EAC2E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium:*:*:*:*:*", "matchCriteriaId": "C0D88E59-0DDC-4AE0-83B8-0C9DADAB2733", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*", "matchCriteriaId": "4D5F7729-A095-43DF-BF2F-B4B6938087FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*", "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka \"ATL Header Memcopy Vulnerability,\" a different vulnerability than CVE-2008-0015."}, {"lang": "es", "value": "Una vulnerabilidad no especificada en el m\u00e9todo Load en la interfaz IPersistStreamInit de Active Template Library (ATL), tal y como es usado en el control ActiveX de Microsoft Video en la biblioteca msvidctl.dll en DirectShow, en Windows 2000 SP4, XP SP2 y SP3, Server 2003 SP2, Vista versi\u00f3n Gold, SP1, y SP2, y Server 2008 versi\u00f3n Gold y SP2 de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de vectores desconocidos que desencadenan una corrupci\u00f3n de memoria, tambi\u00e9n se conoce como \"ATL Header Memcopy Vulnerability\", una vulnerabilidad diferente de CVE-2008-0015."}], "id": "CVE-2008-0020", "lastModified": "2024-11-21T00:40:59.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-07-07T23:30:00.217", "references": [{"source": "cve@mitre.org", "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36187"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/threats/329.html"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022712"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2232"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/threats/329.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/2232"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5850"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}